People commented so nicely on my first build tool FBU that I decided to push it to the Elixir package manager Hex.pm. I renamed it, though, since people pointed out that it could be used to build anything, not just the front end. So now it’s called (still unimaginatively) MBU: Mix Build Utilities.
EDIT 2017-04-04: I have since renamed the project to MBU: Mix Build Utilities and published it on Hex.pm: hex.pm/packages/mbu. I have edited the links and code examples in this post to reflect that.
tl;dr I wrote my own build tool using Elixir’s Mix: Nicd/mbu.
As part of my Trainfulness project, I sometimes upload Creative Commons licensed videos to YouTube. I always make sure I have the proper licence, as I want to play fair with content creators such as NRK (the Norwegian Broadcasting Company). But lately I have received a couple of copyright claims from the company Pirames International. This would not be that much of an issue if YouTube did not make handling the cases extremely frustrating.
This post is sponsored by Dotcom-Monitor.
Load testing is an integral part of deploying any web service. It should be done already in the development phase to find bottlenecks and after deployment when users’ usage patterns are better known. That’s not where it stops, though, as load testing can also be used as a regular part of the web service’s maintenance. Deploying new features without checking their effect on the performance of the service can be a fatal mistake, which is why load testing could be very important when integrated with a continuous integration or continuous deployment system.
Reddit is a good place to share content, but also a good place to attempt to make some money on clicks from unsuspecting or indifferent users. Lately I’ve been seeing a pattern regarding videos stolen from other YouTube channels, reuploaded and monetized with ads. These videos are then mass posted on Reddit by bots masquerading as real users.
tl;dr: Spambots are posting links to stolen videos on Reddit, copying comments from others to masquerade as legitimate users.
In my last post I wrote about StartCom’s new StartEncrypt service and its misleading advertisement email. In it I mentioned that they were not using the ACME protocol that Let’s Encrypt is using, but their own StartAPI protocol, for which documentation is behind a login. Their client was also not open source.
It didn’t take long for the first security issues to be found. Computest found multiple vulnerabilities in the StartEncrypt API and client, the most critical of which allowed the user to fetch certificates for domains outside their control. Domains like
facebook.com etc. The following quotes speak volumes about the security of StartEncrypt:
A malicious client can specify a path to any file on the server for which a certificate is requested. This means that, for example, anyone can obtain a certificate for sites like dropbox.com and github.com where users can upload their own files.
The client doesn’t check the server’s certificate for validity when connecting to the API, which is pretty ironic for an SSL tool.
As Computest points out, when a certificate authority publishes a service which such problems, they are undermining the thing they are paid for – the trustworthiness of their certificates. Personally, after the latest events with StartEncrypt, I would no longer recommend StartCom to anyone, for neither paid nor free certificates.
Before Let’s Encrypt existed, I – like many others – used to use StartSSL, which offered free domain validated TLS sertificates. It was a useful service, but not without its flaws, for example the user interface was very clumsy to use. When Let’s Encrypt arrived, the automation made me jump ship immediately. But a couple of days ago I got an email from StartCom, the company behind StartSSL, that piqued my interest.
This is a project that I’ve been working on for a month or so on my free time (of which there really isn’t too much). I started it on my company’s 12 hour hackfest, where I didn’t get anything worth showing done (it was all backend stuff), but now it’s ready to be published. *drumroll* So, it’s time for the reveal:
Honestly, some days it feels like web development is the art of building a self-aware network of node.js packages that sort of does what you need it to do… until someone on the other side of the planet inserts a breaking change in a patch version and the abomination you have created decides to set your house on fire instead.
‘Conqueror’ is about a world that is kind of falling apart around you, and you’re looking for a conqueror to save you. But you’re looking for the conqueror in someone else, which I think is something you should not do. You should find the conqueror in yourself first, and be your own hero. If you stand strong, then you will stand for a bit longer.